SECOCL64[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

SECOCL64.exe
Size

1.3MB
MD5

a67d4e1df0f2442040d24f7e524fe88b
SHA1

a152cfd28ff32a963369e59e5ff8de852082603a
SHA256

17a415b1b8800418847b6914d04682af067b8b6dde82cc36b6b27647ea5b139c
SHA512

7522dd40aeb6a68ff839fb46fea593c4aaa8a76e0b4c2d1617fac82ea6bde543d531f3c93b6538a690d2f90ed8d801336e46bd7748c8c1468605ec4cd6f0069d
SSDEEP

24576:GktJ1jUqpsgL8Lzt+419HoeO2LFXU31a0Oz+9FN9T8Ig1Y:ptJ1IQsgL899HHG2Zk36Yc1Y

Score

1^/10

Malware Config

Signatures

Files

SECOCL64.exe
.exe windows x64

46b099588f21e900bc8ace907ccffb4a

Code Sign

33:00:00:00:4d:e5:97:a7:75:e3:15:7f:7b:00:00:00:00:00:4d
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

09/09/2021, 19:15

Not After

01/09/2022, 19:15

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:c4:50:21:ba:6e:d8:5a:72:ad:00:00:00:00:00:c4
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

17/06/2021, 17:55

Not After

16/06/2022, 17:55

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:50:69:eb:35:90:09:37:84:7a:ab:d4:b7:66:1c:fb:2a:93:03:53:aa:08:a1:53:fc:8d:5e:08:01:05:39:14
Signer

Actual PE Digest

1d:50:69:eb:35:90:09:37:84:7a:ab:d4:b7:66:1c:fb:2a:93:03:53:aa:08:a1:53:fc:8d:5e:08:01:05:39:14

Digest Algorithm

sha256

PE Digest Matches

true

1d:50:69:eb:35:90:09:37:84:7a:ab:d4:b7:66:1c:fb:2a:93:03:53:aa:08:a1:53:fc:8d:5e:08:01:05:39:14
Signer

Actual PE Digest

1d:50:69:eb:35:90:09:37:84:7a:ab:d4:b7:66:1c:fb:2a:93:03:53:aa:08:a1:53:fc:8d:5e:08:01:05:39:14

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CloseHandle
GetModuleFileNameW
LoadLibraryW
GetProcAddress
FreeLibrary
FindNextFileW
FindFirstFileExW
GetModuleFileNameA
FindResourceW
LoadResource
LockResource
WriteFile
CreateDirectoryW
WaitNamedPipeW
GetLastError
CreateFileW
WaitForMultipleObjects
GetCurrentThreadId
InitializeCriticalSection
CreateEventW
CreateThread
GetOEMCP
EnterCriticalSection
GetACP
IsValidCodePage
LeaveCriticalSection
WaitForSingleObject
SetEvent
DeleteCriticalSection
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCurrentProcessId
GetEnvironmentStringsW
CreateFileA
ReadFile
HeapFree
InitializeCriticalSectionEx
HeapSize
FreeEnvironmentStringsW
RaiseException
HeapAlloc
GetTimeZoneInformation
DecodePointer
EnumSystemLocalesW
GetProcessHeap
OpenProcess
K32GetModuleFileNameExW
GetProcessTimes
ConnectNamedPipe
DisconnectNamedPipe
SetEnvironmentVariableW
SetStdHandle
LocalAlloc
SetEndOfFile
WriteConsoleW
CreateNamedPipeW
RtlUnwind
LocalFree
QueryDosDeviceW
GetUserDefaultLCID
GetModuleHandleA
IsValidLocale
DuplicateHandle
GetCurrentProcess
PssCaptureSnapshot
PssWalkMarkerCreate
PssWalkSnapshot
GetFinalPathNameByHandleW
PssWalkMarkerFree
PssFreeSnapshot
FindFirstFileW
FindClose
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetFileSizeEx
GetConsoleOutputCP
ReadConsoleW
MultiByteToWideChar
WideCharToMultiByte
GetConsoleMode
SetFilePointerEx
GetFileType
GetCommandLineW
GetCommandLineA
HeapReAlloc
GetStdHandle
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
InterlockedPushEntrySList
TryEnterCriticalSection
FormatMessageW
GetProductInfo
FlushFileBuffers
OutputDebugStringW
CreateMutexExW
OpenMutexW
GetStringTypeW
QueryPerformanceCounter
QueryPerformanceFrequency
GetLocaleInfoEx
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WaitForSingleObjectEx
GetExitCodeThread
IsProcessorFeaturePresent
GetModuleHandleW
EncodePointer
LCMapStringEx
CompareStringEx
GetCPInfo
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetSystemTimeAsFileTime
IsDebuggerPresent
FindPackagesByPackageFamily
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
InitializeCriticalSectionAndSpinCount
GetStartupInfoW

ole32

CoCreateGuid
CoTaskMemFree
CoInitializeEx
CoUninitialize
PropVariantClear
CoCreateInstance
CoCreateFreeThreadedMarshaler

mfreadwrite

MFCreateSourceReaderFromURL

mfplat

MFCreateMediaType
MFStartup

propsys

PropVariantToInt64

user32

PostThreadMessageW
GetMessageW
TranslateMessage
DispatchMessageW

advapi32

FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
AllocateAndInitializeSid
RegCreateKeyW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegQueryValueExW

shell32

SHGetKnownFolderPath

oleaut32

SetErrorInfo
GetErrorInfo
SysFreeString
SysAllocString
SysStringLen

winhttp

WinHttpReceiveResponse
WinHttpOpen
WinHttpConnect
WinHttpCloseHandle
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpOpenRequest
WinHttpSendRequest

secomn64

SEAPOCOMAPI_SetAPOType
SEMISCAPI_IsBrowserExtensionInstalled
SEAPOCOMAPI_GetLastError
SEAPOCOMAPI_FreeEndpoint
SEAPOCOMAPI_GetEndpoint
SEAPOCOMAPI_FreeAPI
SEAPOCOMAPI_GetUserParameterEx
SEMISCAPI_OpenBrowser
SEAPOCOMAPI_SetUserParameterEx
SEAPOCOMAPI_InitializeAPI

Sections

.text
Size: 968KB - Virtual size: 968KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 276KB - Virtual size: 275KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

46b099588f21e900bc8ace907ccffb4a

Code Sign

33:00:00:00:4d:e5:97:a7:75:e3:15:7f:7b:00:00:00:00:00:4dCertificate

Extended Key Usages

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0dCertificate

Key Usages

33:00:00:00:c4:50:21:ba:6e:d8:5a:72:ad:00:00:00:00:00:c4Certificate

Extended Key Usages

61:0b:aa:c1:00:00:00:00:00:09Certificate

Key Usages

1d:50:69:eb:35:90:09:37:84:7a:ab:d4:b7:66:1c:fb:2a:93:03:53:aa:08:a1:53:fc:8d:5e:08:01:05:39:14Signer

1d:50:69:eb:35:90:09:37:84:7a:ab:d4:b7:66:1c:fb:2a:93:03:53:aa:08:a1:53:fc:8d:5e:08:01:05:39:14Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

mfreadwrite

mfplat

propsys

user32

advapi32

shell32

oleaut32

winhttp

secomn64

Sections

.text Size: 968KB - Virtual size: 968KB

.rdata Size: 276KB - Virtual size: 275KB

.data Size: 64KB - Virtual size: 72KB

.pdata Size: 39KB - Virtual size: 39KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 8KB - Virtual size: 7KB

33:00:00:00:4d:e5:97:a7:75:e3:15:7f:7b:00:00:00:00:00:4d
Certificate

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

33:00:00:00:c4:50:21:ba:6e:d8:5a:72:ad:00:00:00:00:00:c4
Certificate

61:0b:aa:c1:00:00:00:00:00:09
Certificate

1d:50:69:eb:35:90:09:37:84:7a:ab:d4:b7:66:1c:fb:2a:93:03:53:aa:08:a1:53:fc:8d:5e:08:01:05:39:14
Signer

1d:50:69:eb:35:90:09:37:84:7a:ab:d4:b7:66:1c:fb:2a:93:03:53:aa:08:a1:53:fc:8d:5e:08:01:05:39:14
Signer

.text
Size: 968KB - Virtual size: 968KB

.rdata
Size: 276KB - Virtual size: 275KB

.data
Size: 64KB - Virtual size: 72KB

.pdata
Size: 39KB - Virtual size: 39KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 8KB - Virtual size: 7KB